The criminals behind Linux/Cdorked,.a web server backdoor, are targeting the lighttpd and NGINX web servers. This is in addition to the already discovered compromised Apache HTTPD servers, according to a blog post by the anti-virus specialists at ESET. Cdorked turns web servers into malware machines, sending a selection of their visitors to malicious pages used by exploit kits like Black Hole.

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump